What is Security Program as a Service?

The Security Tide is Rising The rapid adoption of cloud, in-house application development, and open-data initiatives have been instrumental for business-enablement. However, this new data-centric world has increased the complexity of managing cybersecurity risks to business and people alike. In response: new privacy laws, security standards, and regulatory compliance have necessitated the need for companies Read more…

A Beginners Guide to GDPR

On May 25th, 2018 the deadline for GDPR compliance came into effect. GDPR, or General Data Protection Regulations were made to unify data protection rights for users, and strengthen them in the process. All organizations MUST follow the rules. This is to protect all the personal data held by them as a corporation. Some of Read more…

PCI DSS Version 3.2.1: 3.2 Got a Makeover

PCI DSS version 3.2.1 has been released. Luckily for users, not much has changed. Actually, almost nothing has changed. This update is simply to replace 3.2 in regards to effective dates that a change-over needs to be made entirely. The SSL migration deadlines have already passed, so everyone should be using 3.2 at this time. Read more…

Top Four Things Keeping Your CISO Up At Night

The position of CISO, Chief Information Security Officer, has evolved significantly over the last few years. It has become a standalone position and is no longer just a title slapped on to an existing employee’s responsibilities. This new CISO has the responsibility, and ultimately accountability, to think proactively safeguarding the confidentiality, integrity, and availability of Read more…

Managing Third-Party Risks Introduced by Vendor Relationships

These days no organization can completely avoid dealing with third parties, which by doing so gives them a competitive advantage, lesser cost, and ultimately increase profits but these relationships present one with multiple risks. With the threat of security breaches, supply chain disruptions, data theft, or reputational damage stemming from third-parties, it is essential for Read more…

Leverage Your GRC Platform for SOC 2 Compliance

Service Organization Control (SOC) reports have become more and more important to the world of information security and compliance since being introduced by the American Institute of CPAs (AICPA) in 2011. This is particularly the case for SOC 2, which focuses on availability, confidentiality, privacy, processing integrity, and security as its trust services criteria or Read more…

FedRAMP Low, Moderate, or High?

Which security baseline do you need under the Federal Risk and Authorization Management Program (FedRAMP)? Is it low, moderate, or high? While choosing to utilize cloud services has the added benefits of flexibility, increased collaboration, and lower upfront investments, it can also bring about increased risks, and for that reason, the US federal government has Read more…

FedRAMP Compliance: What’s in it for me?

While cloud solutions have made it possible to make computer systems more efficient and effective, the federal IT infrastructure has had a hard time adopting this innovation. Saddled by redundant, time-consuming, costly, and inefficient systems, the federal government has found it hard to secure its IT systems without throwing hundreds of millions of dollars down Read more…